Mixed pages - serious bug of tor
slush
slush at centrum.cz
Thu Jul 17 12:13:23 UTC 2008
>
> At first sight this appears to be an exit node problem but then, as I
> read it, you say it occurs with more than one exit node and only at this
> "higher" level of throughput.
I can repeat this problem (I could do it yesterday) by opening large amount
of circuits between my computer and another exit nodes. Currently, I dont
know, if take care, that I connected to many different exit nodes.
Alarm bells are ringing ... to mix streams up like this then streams at
> the "higher" throughput would have to be unencrypted clear streams - yes?
I dont think so. I think it is problem on exit node, when he mix together
two requests (or say better -responses), then encrypt them and send to
clients.
It really looks like normal buffer overflow problem - I can see another
responses, which are pending on exit node, but not for me.
> This would mean that either all tor exits are vulnerable and are mixing
> the streams. Or that traffic is being passed wholesale *-unencrypted-*
> between nodes (so that nodes other than the exit nodes are doing the
> mixing).
I dont think so, as I wrote above.
Sh*ttt.. whatever.. this is a major BUG.
Yes, it is. The worst is, that you dont need anything special to simulate
this problem. What you need is two years old notebook and 256kbit upload on
internet connection (my case).
Regards,
Marek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080717/e9641528/attachment.htm>
More information about the tor-talk
mailing list